Ransom:Win32/Ymacco.AAA3 malicious file

The Ransom:Win32/Ymacco.AAA3 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Ymacco.AAA3 virus can do?

Creates RWX memory
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Uses Windows utilities for basic functionality
Tries to suspend Cuckoo threads to prevent logging of malicious activity
Tries to unhook or modify Windows functions monitored by Cuckoo
Exhibits possible ransomware file modification behavior
Writes a potential ransom message to disk
Network activity detected but not expressed in API logs
Likely virus infection of existing system binary

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Ransom:Win32/Ymacco.AAA3?


File Info:
crc32: 3B54FB77
md5: ecc4eeb82ce659f15a0470d97659964f
name: upload_file
sha1: 2848f4988ea4e3ea75b4d3d3589fb15bb0c04bb5
sha256: a3c2207806f9be710f3a1d1cbf1149a708bb080946e2368c8e826f5cef2293e4
sha512: 09eed015175a508058661dbbb8c4d677786d296c7ebc82377ea7fd5bd2dfc3879d65d467842a20b2b36e8d9c1142563b8c183a761b4f364805eb3497f44036ab
ssdeep: 98304:68qSiwOhUqE82mcoS9oYx1RMdLlYcZLdWcmKza7P+c/sVvaHolX:hHEUK2mco8TRcYKRxmKubEVSoX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Ransom:Win32/Ymacco.AAA3 also known as:

Bkav	W32.AIDetectVM.malware1
MicroWorld-eScan	Trojan.GenericKD.43566381
FireEye	Generic.mg.ecc4eeb82ce659f1
CAT-QuickHeal	TrojanRansom.Agent
McAfee	Artemis!ECC4EEB82CE6
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Malicious.4!c
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.43566381
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_80% (D)
TrendMicro	Ransom_Ymacco.R03BC0DH220
Symantec	Downloader
APEX	Malicious
Avast	Win32:Malware-gen
GData	Trojan.GenericKD.43566381
Kaspersky	Trojan-Ransom.Win32.Agent.axwf
Alibaba	Ransom:Win32/generic.ali2000027
NANO-Antivirus	Trojan.Win32.Drop.hpiquz
ViRobot	Trojan.Win32.Z.Agent.6017536
Rising	Ransom.VHDLocker!1.C88A (CLOUD)
Endgame	malicious (high confidence)
Emsisoft	Trojan.GenericKD.43566381 (B)
F-Secure	Trojan.TR/Ransom.sbeqg
DrWeb	Trojan.MulDrop11.51552
Zillya	Trojan.Agent.Win32.1358755
Invincea	heuristic
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan-Ransom.VHDLocker
Cyren	W32/Trojan.QLOM-6097
Avira	TR/Ransom.sbeqg
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Ransom]/Win32.Agent
Microsoft	Ransom:Win32/Ymacco.AAA3
Arcabit	Trojan.Generic.D298C52D
ZoneAlarm	Trojan-Ransom.Win32.Agent.axwf
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Agent.C4171247
BitDefenderTheta	Gen:NN.ZexaF.34144.@FW@amnQa!oi
ALYac	Trojan.Ransom.Filecoder
TACHYON	Trojan/W32.Agent.6017536.B
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Ransom.Vhd
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Filecoder.OBF
TrendMicro-HouseCall	Ransom_Ymacco.R03BC0DH220
Tencent	Win32.Trojan.Agent.Aojc
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Ad-Aware	Trojan.GenericKD.43566381
AVG	Win32:Malware-gen
Cybereason	malicious.88ea4e
Paloalto	generic.ml
Qihoo-360	Generic/HEUR/QVM19.1.E4A1.Malware.Gen

How to remove Ransom:Win32/Ymacco.AAA3?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Ransom:Win32/Ymacco.AAA3 malicious file